Updated chromium-browser-stable packages fix security vulnerability
Publication date: 18 Apr 2022Modification date: 18 Apr 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-1232 , CVE-2022-1305 , CVE-2022-1306 , CVE-2022-1307 , CVE-2022-1308 , CVE-2022-1309 , CVE-2022-1310 , CVE-2022-1311 , CVE-2022-1312 , CVE-2022-1313 , CVE-2022-1314 , CVE-2022-1364
Description
The chromium-browser-stable package has been updated to the 100.0.4896.127
version, fixing many CVE, along with fixes from the 100.0.4896.75 and
100.0.4896.88 versions.
Google is aware that an exploit for CVE-2022-1364 exists in the wild.
[1315901] High CVE-2022-1364: Type Confusion in V8. Reported by Clément
Lecigne of Google's Threat Analysis Group on 2022-04-13
[1311641] High CVE-2022-1232: Type Confusion in V8. Reported by Sergei
Glazunov of Google Project Zero on 2022-03-30
[1285234] High CVE-2022-1305: Use after free in storage. Reported by
Anonymous on 2022-01-07
[1299287] High CVE-2022-1306: Inappropriate implementation in compositing.
Reported by Sven Dysthe on 2022-02-21
[1301873] High CVE-2022-1307: Inappropriate implementation in full screen.
Reported by Irvan Kurniawan (sourc7) on 2022-03-01
[1283050] High CVE-2022-1308: Use after free in BFCache. Reported by Samet
Bekmezci @sametbekmezci on 2021-12-28
[1106456] High CVE-2022-1309: Insufficient policy enforcement in developer
tools. Reported by David Erceg on 2020-07-17
[1307610] High CVE-2022-1310: Use after free in regular expressions.
Reported by Brendon Tiszka on 2022-03-18
[1310717] High CVE-2022-1311: Use after free in Chrome OS shell. Reported
by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on
2022-03-28
[1311701] High CVE-2022-1312: Use after free in storage. Reported by
Leecraso and Guang Gong of 360 Vulnerability Research Institute on
2022-03-30
[1270539] Medium CVE-2022-1313: Use after free in tab groups. Reported by
Thomas Orlita on 2021-11-16
[1304658] Medium CVE-2022-1314: Type Confusion in V8. Reported by Bohan
Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-03-09
[1315276] Various fixes from internal audits, fuzzing and other initiatives
[1316420] Various fixes from internal audits, fuzzing and other initiatives
References
- https://bugs.mageia.org/show_bug.cgi?id=30276
- https://bugs.mageia.org/show_bug.cgi?id=30259
- https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
- https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html
- https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1232
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1305
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1306
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1307
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1308
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1309
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1310
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1311
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1312
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1313
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1314
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1364
SRPMS
8/core
- chromium-browser-stable-100.0.4896.127-1.mga8